Water nonprofit targets Denmark; SEC X updates energy

January 15, 2024

TLDR:

  • The ransomware-as-a-service gang Medusa has targeted Water for People, a nonprofit organization that provides safe drinking water to communities in need, demanding a $300,000 ransom in exchange for not publishing the stolen information.
  • Research from Forescout suggests that the cyberattacks on the Danish energy sector were not the work of the Sandworm hacking group, but rather two separate waves of attacks exploiting different vulnerabilities.
  • The U.S. Securities and Exchange Commission (SEC) stated that there is no evidence to suggest that the breach of its X account also involved a breach of the agency’s systems or data.
  • A Chinese espionage group named Volt Typhoon is exploiting discontinued Cisco routers that are still in use and may have compromised about 30% of the devices.
  • Europol has arrested a man in Ukraine who used hacked accounts to create one million virtual servers, which were used to mine $2 million in cryptocurrency.
  • Microsoft has released a fix for a Windows 10 BitLocker vulnerability that allowed encryption bypass, after the original patch produced an error message for some users.
  • Last week saw several ransomware attacks, including one on the mortgage lender loanDepot, as well as attacks on the Toronto Zoo, Tigo Business, and the Capital Health hospital network.

The nonprofit organization Water for People has been targeted by the ransomware-as-a-service gang Medusa, which has listed the organization on its darknet leak site and is threatening to publish stolen information unless a $300,000 ransom is paid. The stolen information dates back to before 2021 and does not compromise the organization’s financial systems or impact its business operations.

Research from cybersecurity firm Forescout suggests that last year’s cyberattacks on the Danish energy sector were not the work of the state-sponsored group Sandworm, as previously suspected. Instead, the activity was likely two separate waves of attacks that exploited different vulnerabilities: the first wave exploited a security flaw in Zyxel firewalls, while the second wave involved Mirai botnet variants on already-infected hosts, which served as the access point.

The U.S. Securities and Exchange Commission (SEC) has stated that there is no evidence to suggest that the breach of its X account, which occurred earlier this week, also involved a breach of the agency’s systems, data, or other social media accounts. The breach was the result of an unidentified individual obtaining control of a phone number.

A Chinese government espionage unit named Volt Typhoon is exploiting end-of-life Cisco routers that were discontinued in 2019 and are slated to have service and support terminated on January 31, 2025. The group is exploiting two vulnerabilities in the routers and may have compromised about 30% of the devices still in use.

Europol has arrested a 29-year-old man in Ukraine who used hacked accounts to create one million virtual servers, which were then used to mine $2 million in cryptocurrency. The suspect used automated tools to brute-force passwords and gain administrative privileges, allowing him to create the virtual servers for the crypto-mining operation.

Microsoft has released a fix for a Windows 10 BitLocker vulnerability that allowed encryption bypass. The initial patch, released as part of Patch Tuesday, produced an error message for some users, so Microsoft has now published a PowerShell script to automate the update.

Last week saw several ransomware attacks, including an attack on the mortgage lender loanDepot and attacks on the Toronto Zoo, Paraguay’s largest mobile carrier Tigo Business, and the Capital Health hospital network. Ransomware operators are increasingly targeting executives and hospital patients as part of their extortion tactics. Separately, Dutch police, working with Cisco Talos, arrested a ransomware operator and recovered decryption keys, allowing victims of the Babuk-based Tortilla ransomware to recover their files for free.